Backend DDoS protection

Is your website hosted behind a CDN? Could an attacker brute force or guess your website’s origin URL? Are your origin servers hardened against DDoS threats?  A common website configuration consists of hosting your applications with infrastructure...
Don’t get Zoomed!

Don’t get Zoomed!

Zoom has had a tough week. While usage has been setting new records they have had to cope with a slew of security gaffes that have received lots of media attention. Concern over some of these issues is justified. However, Zoom seems to be getting more than its fair...
On Mitigation Strategies

On Mitigation Strategies

Introduction At Carve we perform at a lot of web application security assessments. Once we (1) find a vulnerability, we (2) confirm that it’s reproducible, write a proof of concept (PoC) exploit for the vulnerability to determine the impact, and then (3) focus...